Security Bulletin for WebSphere MQ

Abstract Vulnerability risk information for WebSphere MQ. Content This security bulletin for WebSphere MQ is a way for you to obtain security risk assessment information for APARs that address issues which are considered to be security vulnerabilities. The intention is to provide enough informati...

CVE-2015-2012

The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file...

CVE-2015-2012

The CVE-2015-2012 entry concerns IBM WebSphere MQ WMQ Telemetry’s MQXR Service. Affected are WMQ versions: 7.1 prior to 7.1.0.7, 7.5 up to 7.5.0.5, and 8.0 prior to 8.0.0.4. The vulnerability is an information disclosure caused by world-readable permissions on a plaintext file that contains the S...

CVE-2015-0176

Cross-site scripting XSS vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URI that is included in an error response...

CVE-2009-0439

IBM WebSphere MQ (WMQ) is affected by an unspecified local privilege escalation vulnerability in the queue manager. Affected software includes WMQ 5.3, WMQ 6.0 up to 6.0.2.5 (and before 6.0.2.6), and WMQ 7.0 up to 7.0.0.1 (and before 7.0.0.2). The issue is exploitable by local users via the setmq...